From 0e47e1e02dc00dfb0774d34794f551a4d20b6609 Mon Sep 17 00:00:00 2001
From: LenneSon <117883879+LenneSon@users.noreply.github.com>
Date: Fri, 10 Jan 2025 13:00:42 +0800
Subject: [PATCH] 20250110001 - GitLab Critical Updates (#1155)
* 20250110001 - GitLab Critical Updates
* Update 20250110001
Applied templated layout
---------
Co-authored-by: JadonWill <117053393+JadonWill@users.noreply.github.com>
---
...110001-GitLab-Critical-Updates-Advisory.md | 25 +++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 docs/advisories/20250110001-GitLab-Critical-Updates-Advisory.md
diff --git a/docs/advisories/20250110001-GitLab-Critical-Updates-Advisory.md b/docs/advisories/20250110001-GitLab-Critical-Updates-Advisory.md
new file mode 100644
index 00000000..b37155c4
--- /dev/null
+++ b/docs/advisories/20250110001-GitLab-Critical-Updates-Advisory.md
@@ -0,0 +1,25 @@
+# GitLab Releases Critical Updates - 20250110001
+
+## Overview
+
+GitLab has released critical updates for their GitLab Community Edition(CE) and GitLab Enterprise Edition (EE) products. Successful exploitation could allow an attacker trigger a pipeline as another user under certain circumstances.
+
+## What is vulnerable?
+
+| Product(s) Affected | Versions(s) | CVE | Severity | CVSS |
+| ------------------- | ----------- | ---- | ------------ | ---- |
+| GitLab CE/EE | - 15.8 < 16.11.5
- 17.6 < 17.6.3
- 17.7 < 17.7.1 | [CVE-2024-5655](https://nvd.nist.gov/vuln/detail/CVE-2024-5655) | 9.6 | **Critical** |
+| GitLab CE/EE | - 15.8 < 16.11.6
- 17.0 < 17.0.4
- 17.1 < 17.1.2 | [CVE-2024-6385](https://nvd.nist.gov/vuln/detail/CVE-2024-6385) | 9.6 | **Critical** |
+| GitLab CE/EE | - 8.14 < 17.1.7
- 17.2 < 17.2.5
- 17.3 < 17.3.2 | [CVE-2024-6678](https://nvd.nist.gov/vuln/detail/CVE-2024-6678) | 9.9 | **Critical** |
+| GitLab CE/EE | - 11.6 < 17.2.9
- 17.3 < 17.3.5
- 17.4 < 17.4.2 | [CVE-2024-8970](https://nvd.nist.gov/vuln/detail/CVE-2024-8970) | 8.2 | High |
+
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- GitLab Security Release:
+
+## Additional References
+
+- SecurityOnline:
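Review bot: the `What is vulnerable?` table header (`| CVE | Severity | CVSS |`) does not match the order of the row values, which put the CVSS score before the severity (e.g. `| 9.6 | **Critical** |`), so the table will render with the 9.6 under "Severity" and "**Critical**" under "CVSS"; swap the two header cells to `| CVSS | Severity |` or reorder the values. The version cells also contain raw line breaks and `- ` bullets inside one cell (`- 15.8 < 16.11.5` / `- 17.6 < 17.6.3` / `- 17.7 < 17.7.1`), which breaks the Markdown table; put each row's ranges on a single line separated by `<br>` or commas. The reference items `- GitLab Security Release:` and `- SecurityOnline:` end with no URL after the colon, leaving the Recommendation and Additional References sections pointing at nothing; add the vendor release link and the reference link, or drop the empty items. Minor wording in the Overview and table: `Community Edition(CE)` needs a space before the parenthesis, `Versions(s)` should read `Version(s)`, `allow an attacker trigger a pipeline` is missing `to`, and `within expected timeframe` should be `within the expected timeframe`.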